Microsoft.Authorization roleAssignments 2017-10-01-preview

The roleAssignments resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource.

Template format

To create a Microsoft.Authorization/roleAssignments resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Authorization/roleAssignments@2017-10-01-preview' = {
  name: 'string'
  scope: scopeObject
  properties: {
    canDelegate: bool
    principalId: 'string'
    roleDefinitionId: 'string'
  }
}

Property values

roleAssignments

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Authorization/roleAssignments'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2017-10-01-preview'
name The resource name string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope.

For Bicep, set this property to the symbolic name of the resource to apply the extension resource to. See Set scope for extension resources in Bicep.

For JSON, set the value to the full name of the resource to apply the extension resource to. See Setting scope on extension resources in ARM templates.
scopeObject
properties Role assignment properties. RoleAssignmentProperties

RoleAssignmentProperties

Name Description Value
canDelegate The delegation flag used for creating a role assignment bool
principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group. string
roleDefinitionId The role definition ID used in the role assignment. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Hazelcast Cluster

Deploy to Azure
Hazelcast is an in-memory data platform that can be used for a variety of data applications. This template will deploy any number of Hazelcast nodes and they will automatically discover each other.
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a WordPress site

Deploy to Azure
This template creates a WordPress site on Container Instance
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Import VHD Blobs from a ZIP Archive URL

Deploy to Azure
Deploying Virtual Machines based on specialized disk images requires to import VHD files into a Storage Account. In the case there are multiple VHD files compressed in a single ZIP and you got the URL to fetch the ZIP archive, this ARM template will ease the job: Download, Extract and Import into an existing Storage Account Blob Container.
RBAC - Grant Built In Role Access for multiple existing VMs in a Resource Group

Deploy to Azure
This template grants applicable role based access to multiple existing VMs in a Resource Group
Assign an RBAC role to a Resource Group

Deploy to Azure
This template assigns Owner, Reader or Contributor access to an existing resource group.
RBAC - Existing VM

Deploy to Azure
This template grants applicable role based access to an existing VM in a Resource Group
RBAC - Create Managed Identity Access on Azure Maps account

Deploy to Azure
This template creates a Managed Identity and assigns it access to an a created Azure Maps account.
Terraform on Azure

Deploy to Azure
This template allows you to deploy a Terraform workstation as a Linux VM with MSI.
Create an on-demand SFTP Server with persistent storage

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Create Disk & enable protection via Backup Vault

Deploy to Azure
Template that creates a disk and enables protection via Backup Vault
Create Storage Account & enable protection via Backup Vault

Deploy to Azure
Template that creates storage account and enable protection via Backup Vault
Create a data share from a storage account

Deploy to Azure
This template creates a data share from a storage account
User assigned identity role assignment template

Deploy to Azure
A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Azure SQL Server with Auditing written to a blob storage

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to a blob storage
SQL logical server.

Deploy to Azure
This template allows you to create SQL logical server.
Azure Synapse Proof-of-Concept

Deploy to Azure
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools
Create a resourceGroup, apply a lock and RBAC

Deploy to Azure
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal.
Assign a role at subscription scope

Deploy to Azure
This template is a subscription level template that will assign a role at subscription scope. Currently, this template cannot be deployed via the Azure Portal.
Assign a role at tenant scope

Deploy to Azure
This template is a tenant level template that will assign a role to the provided principal at the tenant scope. The user deploying the template must already have the Owner role assigned at the tenant scope.